Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5d9a548a by Moritz Muehlenhoff at 2026-06-27T13:24:05+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -780,13 +780,13 @@ CVE-2026-44018 (Docling simplifies document processing by
parsing diverse format
CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore
v2.16.0 ...)
NOT-FOR-US: Dell / EMC
CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3,
11.5.x <= 1 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2026-33646 (mise manages dev tools like node, python, cmake, and
terraform. Prior ...)
TODO: check
CVE-2026-30041 (An integer overflow in the PSD parser compnent of FastStone
Image View ...)
- TODO: check
+ NOT-FOR-US: FastStone ImageViewer
CVE-2026-30040 (A heap overflow in the FSViewer.exe process of FastStone Image
Viewer ...)
- TODO: check
+ NOT-FOR-US: FastStone ImageViewer
CVE-2026-2053 (The WSO2 API Manager's message flow component, when processing
WS-Addr ...)
NOT-FOR-US: WSO2
CVE-2026-28385 (In Canonical LXD versions 4.12 through 6.9, a Server-Side
Request Forg ...)
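Review bot: The commit message "NFUs" does not cover the CVE-2026-3472 change in this hunk, which records `- mattermost-server <itp> (bug #823556)`, an ITP entry rather than a NOT-FOR-US tag. Consider mentioning the ITP in the message or committing it separately, so the history for that CVE can be found later. Minor: the two FastStone tags read "FastStone ImageViewer", while the description of CVE-2026-30040 spells the product "FastStone Image Viewer"; using the same spelling keeps the list easy to grep.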
@@ -798,21 +798,21 @@ CVE-2026-21734 (A web page that contains unusual GPU
shader code is loaded into
CVE-2026-1869 (The User Registration & Membership \u2013 Free & Paid
Memberships, Sub ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13434 (A flaw was found in KubeVirt's network annotation generator.
When a te ...)
- TODO: check
+ NOT-FOR-US: KubeVirt
CVE-2026-13426 (The Mattermost Go module
github.com/mattermost/mattermost/server/publi ...)
TODO: check
CVE-2026-13372 (Incorrect link resolution by display name in the custom
PowerShell VPN ...)
NOT-FOR-US: Devolutions
CVE-2026-13325 (A flaw was found in KubeVirt's migration proxy. When
spec.configuratio ...)
- TODO: check
+ NOT-FOR-US: KubeVirt
CVE-2026-12411 (Broken Access Control in the devLXDInstancePatchHandler
component of C ...)
TODO: check
CVE-2026-11779 (An Improper Authorization vulnerability exists in PayloadCMS
version 3 ...)
- TODO: check
+ NOT-FOR-US: PayloadCMS
CVE-2026-0828 (Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint
client x ...)
- TODO: check
+ NOT-FOR-US: Safetica
CVE-2026-0685 (Server side template inject (SSTI) in the expression evaluation
compon ...)
- TODO: check
+ NOT-FOR-US: Genshi
CVE-2025-7958 (A Code Injection vulnerability existed in Trellix Network
Security CM ...)
TODO: check
CVE-2025-68075 (Contributor Cross Site Scripting (XSS) in BNE Testimonials <=
2.0.8 ve ...)
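Review bot: The `NOT-FOR-US: Genshi` tag on CVE-2026-0685 cannot be confirmed from the truncated description ("Server side template inject (SSTI) in the expression evaluation compon ..."), which does not name the product. If this is the Genshi templating library, please check that no Debian source package ships it before closing the entry as NOT-FOR-US; if one does, the entry needs a package line instead.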
@@ -842,11 +842,11 @@ CVE-2025-63041 (Contributor Broken Access Control in
Forget About Shortcode Butt
CVE-2025-55017 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-32423 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2025-32394 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2025-11919 (The default JVM can access files and directories under `/tmp/`
includi ...)
- TODO: check
+ NOT-FOR-US: Wolfram Cloud
CVE-2026-11702 (Bytes::Random::Secure::Tiny versions through 1.011 for Perl
share inte ...)
NOT-FOR-US: Bytes::Random::Secure::Tiny Perl module
CVE-2026-11625 (Bytes::Random::Secure versions through 0.29 for Perl share
internal st ...)
@@ -964,7 +964,7 @@ CVE-2026-46601 (The webp decoder can panic when processing
a VP8 chunk with dime
NOTE: https://github.com/golang/go/issues/79869
NOTE: Fixed by:
https://github.com/golang/image/commit/c5511df3ee92e86ce3fa383fdd247080019257c7
(v0.43.0)
CVE-2026-44622 (Charging station authentication identifiers are publicly
accessible vi ...)
- TODO: check
+ NOT-FOR-US: Evoke
CVE-2026-43920 (FOSSBilling is a free, open-source billing and client
management syste ...)
NOT-FOR-US: FOSSBilling
CVE-2026-40941 (Cacti is an open source performance and fault management
framework. Ve ...)
@@ -992,19 +992,19 @@ CVE-2026-40080 (Cacti is an open source performance and
fault management framewo
NOTE: https://github.com/Cacti/cacti/pull/7039
NOTE: Fixed by:
https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f
(release/1.2.31)
CVE-2026-38640 (A reachable unwrap in the __assert_fail function
(/assert/mod.rs) of r ...)
- TODO: check
+ NOT-FOR-US: relibc
CVE-2026-38637 (An issue in the pthread_rwlockattr_setpshared() function of
relibc com ...)
- TODO: check
+ NOT-FOR-US: relibc
CVE-2026-37454 (Insecure Permissions vulnerability in MSI NBFoundation Service
v.2.0.2 ...)
- TODO: check
+ NOT-FOR-US: MSI NBFoundation Service
CVE-2026-37453 (Insecure Permissions vulnerability in MSI NBFoundation Service
v.2.0.2 ...)
- TODO: check
+ NOT-FOR-US: MSI NBFoundation Service
CVE-2026-37452 (Insecure Permissions vulnerability in MSI NBFoundation Service
v.2.0.2 ...)
- TODO: check
+ NOT-FOR-US: MSI NBFoundation Service
CVE-2026-37149 (GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN
v1.0 wa ...)
- TODO: check
+ NOT-FOR-US:
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN
CVE-2026-2299 (The Mattermost Google Drive plugin before version 1.1.0 fails
to valid ...)
- TODO: check
+ NOT-FOR-US: Mattermost plugin
CVE-2026-22879 (vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer
overflow ...)
TODO: check
CVE-2026-13322 (A flaw was found in KubeVirt's downward metrics virtio-serial
server. ...)
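Review bot: The tag `NOT-FOR-US: Mattermost plugin` on CVE-2026-2299 is less specific than the description, which names "The Mattermost Google Drive plugin". Suggest `NOT-FOR-US: Mattermost Google Drive plugin`, in line with the product-specific tags used for the other entries in this hunk (relibc, MSI NBFoundation Service), so a later search for the plugin name finds the decision.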
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d9a548af7979aaad242c14de7d175a73bd2c4c5